Hi!
Here is a diff which updates rxvt-unicode to 9.09. I've sent it to the maintainer too, but he didn't respond. make update-patch made the regenerated patches end with '_C' instead of '_c'. I don't know if it's ok, or why was it lowercase in the first place, given that in the dist.source it is all uppercase. One patch is not needed anymore (patch-src_rxvt_h) and one patch can be trimmed (patch-src_init_c), because upstream got in similar modifications (regarding the terminal colors), so apply with patch -E. I've tested this on i386, and I'm using it on a daily basis; so far so good. Daniel -- LÉVAI Dániel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
Index: Makefile =================================================================== RCS file: /cvs/ports/x11/rxvt-unicode/Makefile,v retrieving revision 1.5 diff -p -u -r1.5 Makefile --- Makefile 24 Oct 2010 21:15:34 -0000 1.5 +++ Makefile 14 Nov 2010 14:19:06 -0000 @@ -2,8 +2,7 @@ COMMENT = clone of rxvt with Unicode and Xft support -DISTNAME = rxvt-unicode-9.07 -REVISION= 0 +DISTNAME = rxvt-unicode-9.09 CATEGORIES = x11 EXTRACT_SUFX = .tar.bz2 Index: distinfo =================================================================== RCS file: /cvs/ports/x11/rxvt-unicode/distinfo,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 distinfo --- distinfo 3 May 2010 16:35:20 -0000 1.1.1.1 +++ distinfo 14 Nov 2010 14:19:06 -0000 @@ -1,5 +1,5 @@ -MD5 (rxvt-unicode-9.07.tar.bz2) = SbtSyZ4AK/hetB2DhdkDtQ== -RMD160 (rxvt-unicode-9.07.tar.bz2) = 4g0w6sYbxW3qydoRtNBJ+6w/O2Y= -SHA1 (rxvt-unicode-9.07.tar.bz2) = DmI9qhXEW6Ot1iInfTJJOpcFlhk= -SHA256 (rxvt-unicode-9.07.tar.bz2) = xaBjjKgkmWgGUHam8X5uSZ8x/ckFD3Gq5OqFysaqxaM= -SIZE (rxvt-unicode-9.07.tar.bz2) = 858616 +MD5 (rxvt-unicode-9.09.tar.bz2) = NQWIetrnEDgu3ukO1VOKAQ== +RMD160 (rxvt-unicode-9.09.tar.bz2) = KDrYdbNVtRqB01uk3kkwz5aqZ3w= +SHA1 (rxvt-unicode-9.09.tar.bz2) = AuwbXJwd/yQb/DttLCp+XACqR60= +SHA256 (rxvt-unicode-9.09.tar.bz2) = KJETFnK06Ey+5Kg/2n0DPFOYtx+Nx7m/g9BNnvH8gZw= +SIZE (rxvt-unicode-9.09.tar.bz2) = 883665 Index: patches/patch-configure_ac =================================================================== RCS file: /cvs/ports/x11/rxvt-unicode/patches/patch-configure_ac,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 patch-configure_ac --- patches/patch-configure_ac 3 May 2010 16:35:22 -0000 1.1.1.1 +++ patches/patch-configure_ac 14 Nov 2010 14:19:06 -0000 @@ -1,6 +1,6 @@ -$OpenBSD: patch-configure_ac,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ ---- configure.ac.orig Sat Dec 26 11:18:16 2009 -+++ configure.ac Thu Apr 22 13:48:56 2010 +$OpenBSD$ +--- configure.ac.orig Wed Nov 3 22:00:51 2010 ++++ configure.ac Sun Nov 14 14:23:05 2010 @@ -90,6 +90,7 @@ support_selectionscrolling=yes support_mousewheel=yes support_mouseslipwheel=yes @@ -9,7 +9,7 @@ $OpenBSD: patch-configure_ac,v 1.1.1.1 2 support_pointer_blank=yes support_scroll_rxvt=yes support_scroll_next=yes -@@ -124,6 +125,7 @@ AC_ARG_ENABLE(everything, +@@ -123,6 +124,7 @@ AC_ARG_ENABLE(everything, support_mousewheel=no support_mouseslipwheel=no support_text_blink=no @@ -17,7 +17,7 @@ $OpenBSD: patch-configure_ac,v 1.1.1.1 2 support_pointer_blank=no support_scroll_rxvt=no support_scroll_next=no -@@ -152,6 +154,7 @@ AC_ARG_ENABLE(everything, +@@ -150,6 +152,7 @@ AC_ARG_ENABLE(everything, support_mousewheel=yes support_mouseslipwheel=yes support_text_blink=yes @@ -25,7 +25,7 @@ $OpenBSD: patch-configure_ac,v 1.1.1.1 2 support_pointer_blank=yes support_scroll_rxvt=yes support_scroll_next=yes -@@ -398,6 +401,12 @@ AC_ARG_ENABLE(text-blink, +@@ -404,6 +407,12 @@ AC_ARG_ENABLE(text-blink, support_text_blink=$enableval fi]) @@ -36,9 +36,9 @@ $OpenBSD: patch-configure_ac,v 1.1.1.1 2 + fi]) + AC_ARG_ENABLE(pointer-blank, - [ --enable-pointer-blank enable pointer blank when typing or inactive pointer], + [ --enable-pointer-blank enable pointer blanking when typing or inactive], [if test x$enableval = xyes -o x$enableval = xno; then -@@ -670,6 +679,9 @@ fi +@@ -722,6 +731,9 @@ fi if test x$support_text_blink = xyes; then AC_DEFINE(TEXT_BLINK, 1, Define if you want blinking text support) fi @@ -48,7 +48,7 @@ $OpenBSD: patch-configure_ac,v 1.1.1.1 2 if test x$support_unicode3 = xyes; then AC_DEFINE(UNICODE_3, 1, Define if you want to represent unicode characters outside plane 0) fi -@@ -770,6 +782,9 @@ if test x$term != x; then +@@ -808,6 +820,9 @@ if test x$term != x; then fi if test x$terminfo != x; then echo " set TERMINFO to: $terminfo" Index: patches/patch-doc_Makefile_in =================================================================== RCS file: /cvs/ports/x11/rxvt-unicode/patches/patch-doc_Makefile_in,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 patch-doc_Makefile_in --- patches/patch-doc_Makefile_in 3 May 2010 16:35:22 -0000 1.1.1.1 +++ patches/patch-doc_Makefile_in 14 Nov 2010 14:19:06 -0000 @@ -1,6 +1,6 @@ -$OpenBSD: patch-doc_Makefile_in,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ ---- doc/Makefile.in.orig Wed Apr 21 15:23:56 2010 -+++ doc/Makefile.in Wed Apr 21 15:24:12 2010 +$OpenBSD$ +--- doc/Makefile.in.orig Sun Apr 4 01:12:38 2010 ++++ doc/Makefile.in Sun Nov 14 14:23:05 2010 @@ -98,7 +98,6 @@ install: all $(INSTALL_DATA) rxvt.7.man $(DESTDIR)$(man7dir)/$(RXVTNAME).$(man7ext) @IF_PERL@ $(INSTALL) -d $(DESTDIR)$(man3dir) Index: patches/patch-doc_rxvtd_1_man_in =================================================================== RCS file: /cvs/ports/x11/rxvt-unicode/patches/patch-doc_rxvtd_1_man_in,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 patch-doc_rxvtd_1_man_in --- patches/patch-doc_rxvtd_1_man_in 3 May 2010 16:35:23 -0000 1.1.1.1 +++ patches/patch-doc_rxvtd_1_man_in 14 Nov 2010 14:19:06 -0000 @@ -1,6 +1,6 @@ -$OpenBSD: patch-doc_rxvtd_1_man_in,v 1.1.1.1 2010/05/03 16:35:23 dcoppa Exp $ ---- doc/rxvtd.1.man.in.orig Tue Apr 27 18:14:47 2010 -+++ doc/rxvtd.1.man.in Tue Apr 27 18:15:41 2010 +$OpenBSD$ +--- doc/rxvtd.1.man.in.orig Wed Dec 30 07:13:12 2009 ++++ doc/rxvtd.1.man.in Sun Nov 14 14:23:05 2010 @@ -133,7 +133,7 @@ @@RXVT_NAME@@d \- @@RXVT_NAME@@ terminal daemon .SH "SYNOPSIS" Index: patches/patch-src_command_C =================================================================== RCS file: patches/patch-src_command_C diff -N patches/patch-src_command_C --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_command_C 14 Nov 2010 14:19:06 -0000 @@ -0,0 +1,121 @@ +$OpenBSD$ +--- src/command.C.orig Sun Oct 24 19:52:47 2010 ++++ src/command.C Sun Nov 14 14:25:00 2010 +@@ -186,15 +186,15 @@ rxvt_term::iso14755_51 (unicode_t ch, rend_t r, int x, + + char attr[80]; // plenty + +- sprintf (attr, "%08x = fg %d bg %d%s%s%s%s%s%s", +- (int)r, +- fgcolor_of (r), bgcolor_of (r), +- r & RS_Bold ? " bold" : "", +- r & RS_Italic ? " italic" : "", +- r & RS_Blink ? " blink" : "", +- r & RS_RVid ? " rvid" : "", +- r & RS_Uline ? " uline" : "", +- r & RS_Careful ? " careful" : ""); ++ snprintf (attr, sizeof (attr), "%08x = fg %d bg %d%s%s%s%s%s%s", ++ (int)r, ++ fgcolor_of (r), bgcolor_of (r), ++ r & RS_Bold ? " bold" : "", ++ r & RS_Italic ? " italic" : "", ++ r & RS_Blink ? " blink" : "", ++ r & RS_RVid ? " rvid" : "", ++ r & RS_Uline ? " uline" : "", ++ r & RS_Careful ? " careful" : ""); + + int width = 0; + fname = rxvt_temp_buf<wchar_t *> (len); +@@ -224,7 +224,7 @@ rxvt_term::iso14755_51 (unicode_t ch, rend_t r, int x, + + ch = *chr++; + +- sprintf (buf, "%8x", ch); ++ snprintf (buf, sizeof (buf), "%8x", ch); + scr_overlay_set (0, y, buf); + scr_overlay_set (9, y, '='); + # if !UNICODE_3 +@@ -665,17 +665,17 @@ rxvt_term::key_press (XKeyEvent &ev) + kbuf[1] = '\0'; + } + else +- strcpy (kbuf, rs[Rs_backspace_key]); ++ strlcpy (kbuf, rs[Rs_backspace_key], sizeof (kbuf)); + break; + #endif + #ifndef NO_DELETE_KEY + case XK_Delete: +- strcpy (kbuf, rs[Rs_delete_key]); ++ strlcpy (kbuf, rs[Rs_delete_key], sizeof (kbuf)); + break; + #endif + case XK_Tab: + if (shft) +- strcpy (kbuf, "\033[Z"); ++ strlcpy (kbuf, "\033[Z", sizeof (kbuf)); + else + { + #ifdef CTRL_TAB_MAKES_META +@@ -694,7 +694,7 @@ rxvt_term::key_press (XKeyEvent &ev) + case XK_Down: /* "\033[B" */ + case XK_Right: /* "\033[C" */ + case XK_Left: /* "\033[D" */ +- strcpy (kbuf, "\033[Z"); ++ strlcpy (kbuf, "\033[Z", sizeof (kbuf)); + kbuf[2] = "DACB"[keysym - XK_Left]; + /* do Shift first */ + if (shft) +@@ -712,7 +712,7 @@ rxvt_term::key_press (XKeyEvent &ev) + /* allow shift to override */ + if (kp) + { +- strcpy (kbuf, "\033OM"); ++ strlcpy (kbuf, "\033OM", sizeof (kbuf)); + break; + } + +@@ -736,7 +736,7 @@ rxvt_term::key_press (XKeyEvent &ev) + case XK_KP_F2: /* "\033OQ" */ + case XK_KP_F3: /* "\033OR" */ + case XK_KP_F4: /* "\033OS" */ +- strcpy (kbuf, "\033OP"); ++ strlcpy (kbuf, "\033OP", sizeof (kbuf)); + kbuf[2] += (keysym - XK_KP_F1); + break; + +@@ -759,7 +759,7 @@ rxvt_term::key_press (XKeyEvent &ev) + /* allow shift to override */ + if (kp) + { +- strcpy (kbuf, "\033Oj"); ++ strlcpy (kbuf, "\033Oj", sizeof (kbuf)); + kbuf[2] += (keysym - XK_KP_Multiply); + } + else +@@ -773,7 +773,7 @@ rxvt_term::key_press (XKeyEvent &ev) + { + int param = map_function_key (keysym); + if (param > 0) +- sprintf (kbuf,"\033[%d~", param); ++ snprintf (kbuf, sizeof (kbuf),"\033[%d~", param); + else + newlen = 0; + } +@@ -799,7 +799,7 @@ rxvt_term::key_press (XKeyEvent &ev) + } + else if (keysym == XK_ISO_Left_Tab) + { +- strcpy (kbuf, "\033[Z"); ++ strlcpy (kbuf, "\033[Z", sizeof (kbuf)); + len = 3; + } + else +@@ -3439,7 +3439,7 @@ rxvt_term::process_xterm_seq (int op, char *str, char + { + char str[256]; + +- sprintf (str, "[%dx%d+%d+%d]", ++ snprintf (str, sizeof (str), "[%dx%d+%d+%d]", + min (bgPixmap.h_scale, 32767), min (bgPixmap.v_scale, 32767), + min (bgPixmap.h_align, 32767), min (bgPixmap.v_align, 32767)); + process_xterm_seq (XTerm_title, str, CHAR_ST); Index: patches/patch-src_command_c =================================================================== RCS file: patches/patch-src_command_c diff -N patches/patch-src_command_c --- patches/patch-src_command_c 3 May 2010 16:35:22 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,131 +0,0 @@ -$OpenBSD: patch-src_command_c,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ - -Fix possible off-by-one buffer overflows by replacing every call of -strcpy, strcat, sprintf by respectively strlcpy, strlcat and snprintf. - -- 2010-04-16 Thomas de Grivel <billi...@gmail.com> - -diff -ruN rxvt-unicode-9.07.orig/src/command.C rxvt-unicode-9.07/src/command.C ---- src/command.C.orig Sat May 30 11:49:22 2009 -+++ src/command.C Tue Apr 27 18:13:09 2010 -@@ -189,15 +189,15 @@ rxvt_term::iso14755_51 (unicode_t ch, rend_t r, int x, - - char attr[80]; // plenty - -- sprintf (attr, "%08x = fg %d bg %d%s%s%s%s%s%s", -- (int)r, -- fgcolor_of (r), bgcolor_of (r), -- r & RS_Bold ? " bold" : "", -- r & RS_Italic ? " italic" : "", -- r & RS_Blink ? " blink" : "", -- r & RS_RVid ? " rvid" : "", -- r & RS_Uline ? " uline" : "", -- r & RS_Careful ? " careful" : ""); -+ snprintf (attr, sizeof (attr), "%08x = fg %d bg %d%s%s%s%s%s%s", -+ (int)r, -+ fgcolor_of (r), bgcolor_of (r), -+ r & RS_Bold ? " bold" : "", -+ r & RS_Italic ? " italic" : "", -+ r & RS_Blink ? " blink" : "", -+ r & RS_RVid ? " rvid" : "", -+ r & RS_Uline ? " uline" : "", -+ r & RS_Careful ? " careful" : ""); - - int width = wcswidth (fname, wcslen (fname)); - -@@ -220,7 +220,7 @@ rxvt_term::iso14755_51 (unicode_t ch, rend_t r, int x, - - ch = *chr++; - -- sprintf (buf, "%8x", ch); -+ snprintf (buf, sizeof (buf), "%8x", ch); - scr_overlay_set (0, y, buf); - scr_overlay_set (9, y, '='); - # if !UNICODE_3 -@@ -657,17 +657,17 @@ rxvt_term::key_press (XKeyEvent &ev) - kbuf[1] = '\0'; - } - else -- strcpy (kbuf, rs[Rs_backspace_key]); -+ strlcpy (kbuf, rs[Rs_backspace_key], sizeof (kbuf)); - break; - #endif - #ifndef NO_DELETE_KEY - case XK_Delete: -- strcpy (kbuf, rs[Rs_delete_key]); -+ strlcpy (kbuf, rs[Rs_delete_key], sizeof (kbuf)); - break; - #endif - case XK_Tab: - if (shft) -- strcpy (kbuf, "\033[Z"); -+ strlcpy (kbuf, "\033[Z", sizeof (kbuf)); - else - { - #ifdef CTRL_TAB_MAKES_META -@@ -686,7 +686,7 @@ rxvt_term::key_press (XKeyEvent &ev) - case XK_Down: /* "\033[B" */ - case XK_Right: /* "\033[C" */ - case XK_Left: /* "\033[D" */ -- strcpy (kbuf, "\033[Z"); -+ strlcpy (kbuf, "\033[Z", sizeof (kbuf)); - kbuf[2] = "DACB"[keysym - XK_Left]; - /* do Shift first */ - if (shft) -@@ -704,7 +704,7 @@ rxvt_term::key_press (XKeyEvent &ev) - /* allow shift to override */ - if (kp) - { -- strcpy (kbuf, "\033OM"); -+ strlcpy (kbuf, "\033OM", sizeof (kbuf)); - break; - } - -@@ -728,7 +728,7 @@ rxvt_term::key_press (XKeyEvent &ev) - case XK_KP_F2: /* "\033OQ" */ - case XK_KP_F3: /* "\033OR" */ - case XK_KP_F4: /* "\033OS" */ -- strcpy (kbuf, "\033OP"); -+ strlcpy (kbuf, "\033OP", sizeof (kbuf)); - kbuf[2] += (keysym - XK_KP_F1); - break; - -@@ -751,7 +751,7 @@ rxvt_term::key_press (XKeyEvent &ev) - /* allow shift to override */ - if (kp) - { -- strcpy (kbuf, "\033Oj"); -+ strlcpy (kbuf, "\033Oj", sizeof (kbuf)); - kbuf[2] += (keysym - XK_KP_Multiply); - } - else -@@ -765,7 +765,7 @@ rxvt_term::key_press (XKeyEvent &ev) - { - int param = map_function_key (keysym); - if (param > 0) -- sprintf (kbuf,"\033[%d~", param); -+ snprintf (kbuf, sizeof (kbuf),"\033[%d~", param); - else - newlen = 0; - } -@@ -791,7 +791,7 @@ rxvt_term::key_press (XKeyEvent &ev) - } - else if (keysym == XK_ISO_Left_Tab) - { -- strcpy (kbuf, "\033[Z"); -+ strlcpy (kbuf, "\033[Z", sizeof (kbuf)); - len = 3; - } - else -@@ -3431,9 +3431,9 @@ rxvt_term::process_xterm_seq (int op, char *str, char - { - char str[256]; - -- sprintf (str, "[%dx%d+%d+%d]", /* can't presume snprintf () ! */ -- min (bgPixmap.h_scale, 32767), min (bgPixmap.v_scale, 32767), -- min (bgPixmap.h_align, 32767), min (bgPixmap.v_align, 32767)); -+ snprintf (str, sizeof (str), "[%dx%d+%d+%d]", -+ min (bgPixmap.h_scale, 32767), min (bgPixmap.v_scale, 32767), -+ min (bgPixmap.h_align, 32767), min (bgPixmap.v_align, 32767)); - process_xterm_seq (XTerm_title, str, CHAR_ST); - } - else Index: patches/patch-src_feature_h =================================================================== RCS file: /cvs/ports/x11/rxvt-unicode/patches/patch-src_feature_h,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 patch-src_feature_h --- patches/patch-src_feature_h 3 May 2010 16:35:22 -0000 1.1.1.1 +++ patches/patch-src_feature_h 14 Nov 2010 14:19:06 -0000 @@ -1,6 +1,6 @@ -$OpenBSD: patch-src_feature_h,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ +$OpenBSD$ --- src/feature.h.orig Sat May 30 10:48:11 2009 -+++ src/feature.h Thu Apr 22 13:38:22 2010 ++++ src/feature.h Sun Nov 14 14:23:05 2010 @@ -34,6 +34,8 @@ # define XAPPLOADDIRLOCALE X11LIBDIR "/%s/app-defaults" #endif Index: patches/patch-src_init_C =================================================================== RCS file: patches/patch-src_init_C diff -N patches/patch-src_init_C --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_init_C 14 Nov 2010 14:19:06 -0000 @@ -0,0 +1,74 @@ +$OpenBSD$ +--- src/init.C.orig Sat Oct 16 00:06:26 2010 ++++ src/init.C Sun Nov 14 14:23:05 2010 +@@ -108,7 +108,7 @@ rxvt_network_display (const char *display) + { + struct ifreq ifr2; + +- strcpy (ifr2.ifr_name, ifr->ifr_name); ++ strlcpy (ifr2.ifr_name, ifr->ifr_name, sizeof(ifr2.ifr_name)); + + if (ioctl (skfd, SIOCGIFADDR, &ifr2) >= 0) + { +@@ -128,12 +128,13 @@ rxvt_network_display (const char *display) + if (colon == NULL) + colon = ":0.0"; + +- rval = rxvt_malloc (strlen (colon) + 16); +- sprintf (rval, "%d.%d.%d.%d%s", +- (int) ((addr >> 030) & 0xFF), +- (int) ((addr >> 020) & 0xFF), +- (int) ((addr >> 010) & 0xFF), +- (int) (addr & 0xFF), colon); ++ size_t rval_size = strlen (colon) + 16; ++ rval = rxvt_malloc (rval_size); ++ snprintf (rval, rval_size, "%d.%d.%d.%d%s", ++ (int) ((addr >> 030) & 0xFF), ++ (int) ((addr >> 020) & 0xFF), ++ (int) ((addr >> 010) & 0xFF), ++ (int) (addr & 0xFF), colon); + break; + } + } +@@ -918,11 +919,12 @@ rxvt_term::init_env () + rs[Rs_display_name] = val; /* use broken `:0' value */ + + i = strlen (val); +- env_display = (char *)rxvt_malloc (i + 9); ++ size_t env_display_size = i + 9; ++ env_display = (char *)rxvt_malloc (env_display_size); + +- sprintf (env_display, "DISPLAY=%s", val); ++ snprintf (env_display, env_display_size, "DISPLAY=%s", val); + +- sprintf (env_windowid, "WINDOWID=%lu", (unsigned long)parent[0]); ++ snprintf (env_windowid, sizeof (env_windowid), "WINDOWID=%lu", (unsigned long)parent[0]); + + /* add entries to the environment: + * @ DISPLAY: in case we started with -display +@@ -949,8 +951,9 @@ rxvt_term::init_env () + + if (rs[Rs_term_name] != NULL) + { +- env_term = (char *)rxvt_malloc (strlen (rs[Rs_term_name]) + 6); +- sprintf (env_term, "TERM=%s", rs[Rs_term_name]); ++ size_t size = strlen (rs[Rs_term_name]) + 6; ++ env_term = (char *)rxvt_malloc (size); ++ snprintf (env_term, size, "TERM=%s", rs[Rs_term_name]); + putenv (env_term); + } + else +@@ -1749,10 +1752,11 @@ rxvt_term::run_child (const char *const *argv) + + if (option (Opt_loginShell)) + { +- login = (char *)rxvt_malloc (strlen (argv0) + 2); ++ size_t login_size = strlen (argv0) + 2; ++ login = (char *)rxvt_malloc (login_size); + + login[0] = '-'; +- strcpy (&login[1], argv0); ++ strlcpy (&login[1], argv0, login_size - sizeof(char)); + argv0 = login; + } + Index: patches/patch-src_init_c =================================================================== RCS file: patches/patch-src_init_c diff -N patches/patch-src_init_c --- patches/patch-src_init_c 3 May 2010 16:35:20 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,334 +0,0 @@ -$OpenBSD: patch-src_init_c,v 1.1.1.1 2010/05/03 16:35:20 dcoppa Exp $ ---- src/init.C.orig Sat May 30 11:53:46 2009 -+++ src/init.C Thu Apr 22 13:43:13 2010 -@@ -108,7 +108,7 @@ rxvt_network_display (const char *display) - { - struct ifreq ifr2; - -- strcpy (ifr2.ifr_name, ifr->ifr_name); -+ strlcpy (ifr2.ifr_name, ifr->ifr_name, sizeof(ifr2.ifr_name)); - - if (ioctl (skfd, SIOCGIFADDR, &ifr2) >= 0) - { -@@ -128,12 +128,13 @@ rxvt_network_display (const char *display) - if (colon == NULL) - colon = ":0.0"; - -- rval = rxvt_malloc (strlen (colon) + 16); -- sprintf (rval, "%d.%d.%d.%d%s", -- (int) ((addr >> 030) & 0xFF), -- (int) ((addr >> 020) & 0xFF), -- (int) ((addr >> 010) & 0xFF), -- (int) (addr & 0xFF), colon); -+ size_t rval_size = strlen (colon) + 16; -+ rval = rxvt_malloc (rval_size); -+ snprintf (rval, rval_size, "%d.%d.%d.%d%s", -+ (int) ((addr >> 030) & 0xFF), -+ (int) ((addr >> 020) & 0xFF), -+ (int) ((addr >> 010) & 0xFF), -+ (int) (addr & 0xFF), colon); - break; - } - } -@@ -176,6 +177,7 @@ const char *const def_colorName[] = - "rgb:00/ff/ff", // 6/14: bright cyan (Cyan) - "rgb:ff/ff/ff", // 7/15: bright white (White) - -+#if XTERM_COLORS == 88 - // 88 xterm colours - "rgb:00/00/00", - "rgb:00/00/8b", -@@ -249,6 +251,251 @@ const char *const def_colorName[] = - "rgb:b9/b9/b9", - "rgb:d0/d0/d0", - "rgb:e7/e7/e7", -+#elif XTERM_COLORS == 256 -+ // 256 xterm colours -+ "rgb:00/00/00", -+ "rgb:00/00/5f", -+ "rgb:00/00/87", -+ "rgb:00/00/af", -+ "rgb:00/00/d7", -+ "rgb:00/00/ff", -+ "rgb:00/5f/00", -+ "rgb:00/5f/5f", -+ "rgb:00/5f/87", -+ "rgb:00/5f/af", -+ "rgb:00/5f/d7", -+ "rgb:00/5f/ff", -+ "rgb:00/87/00", -+ "rgb:00/87/5f", -+ "rgb:00/87/87", -+ "rgb:00/87/af", -+ "rgb:00/87/d7", -+ "rgb:00/87/ff", -+ "rgb:00/af/00", -+ "rgb:00/af/5f", -+ "rgb:00/af/87", -+ "rgb:00/af/af", -+ "rgb:00/af/d7", -+ "rgb:00/af/ff", -+ "rgb:00/d7/00", -+ "rgb:00/d7/5f", -+ "rgb:00/d7/87", -+ "rgb:00/d7/af", -+ "rgb:00/d7/d7", -+ "rgb:00/d7/ff", -+ "rgb:00/ff/00", -+ "rgb:00/ff/5f", -+ "rgb:00/ff/87", -+ "rgb:00/ff/af", -+ "rgb:00/ff/d7", -+ "rgb:00/ff/ff", -+ "rgb:5f/00/00", -+ "rgb:5f/00/5f", -+ "rgb:5f/00/87", -+ "rgb:5f/00/af", -+ "rgb:5f/00/d7", -+ "rgb:5f/00/ff", -+ "rgb:5f/5f/00", -+ "rgb:5f/5f/5f", -+ "rgb:5f/5f/87", -+ "rgb:5f/5f/af", -+ "rgb:5f/5f/d7", -+ "rgb:5f/5f/ff", -+ "rgb:5f/87/00", -+ "rgb:5f/87/5f", -+ "rgb:5f/87/87", -+ "rgb:5f/87/af", -+ "rgb:5f/87/d7", -+ "rgb:5f/87/ff", -+ "rgb:5f/af/00", -+ "rgb:5f/af/5f", -+ "rgb:5f/af/87", -+ "rgb:5f/af/af", -+ "rgb:5f/af/d7", -+ "rgb:5f/af/ff", -+ "rgb:5f/d7/00", -+ "rgb:5f/d7/5f", -+ "rgb:5f/d7/87", -+ "rgb:5f/d7/af", -+ "rgb:5f/d7/d7", -+ "rgb:5f/d7/ff", -+ "rgb:5f/ff/00", -+ "rgb:5f/ff/5f", -+ "rgb:5f/ff/87", -+ "rgb:5f/ff/af", -+ "rgb:5f/ff/d7", -+ "rgb:5f/ff/ff", -+ "rgb:87/00/00", -+ "rgb:87/00/5f", -+ "rgb:87/00/87", -+ "rgb:87/00/af", -+ "rgb:87/00/d7", -+ "rgb:87/00/ff", -+ "rgb:87/5f/00", -+ "rgb:87/5f/5f", -+ "rgb:87/5f/87", -+ "rgb:87/5f/af", -+ "rgb:87/5f/d7", -+ "rgb:87/5f/ff", -+ "rgb:87/87/00", -+ "rgb:87/87/5f", -+ "rgb:87/87/87", -+ "rgb:87/87/af", -+ "rgb:87/87/d7", -+ "rgb:87/87/ff", -+ "rgb:87/af/00", -+ "rgb:87/af/5f", -+ "rgb:87/af/87", -+ "rgb:87/af/af", -+ "rgb:87/af/d7", -+ "rgb:87/af/ff", -+ "rgb:87/d7/00", -+ "rgb:87/d7/5f", -+ "rgb:87/d7/87", -+ "rgb:87/d7/af", -+ "rgb:87/d7/d7", -+ "rgb:87/d7/ff", -+ "rgb:87/ff/00", -+ "rgb:87/ff/5f", -+ "rgb:87/ff/87", -+ "rgb:87/ff/af", -+ "rgb:87/ff/d7", -+ "rgb:87/ff/ff", -+ "rgb:af/00/00", -+ "rgb:af/00/5f", -+ "rgb:af/00/87", -+ "rgb:af/00/af", -+ "rgb:af/00/d7", -+ "rgb:af/00/ff", -+ "rgb:af/5f/00", -+ "rgb:af/5f/5f", -+ "rgb:af/5f/87", -+ "rgb:af/5f/af", -+ "rgb:af/5f/d7", -+ "rgb:af/5f/ff", -+ "rgb:af/87/00", -+ "rgb:af/87/5f", -+ "rgb:af/87/87", -+ "rgb:af/87/af", -+ "rgb:af/87/d7", -+ "rgb:af/87/ff", -+ "rgb:af/af/00", -+ "rgb:af/af/5f", -+ "rgb:af/af/87", -+ "rgb:af/af/af", -+ "rgb:af/af/d7", -+ "rgb:af/af/ff", -+ "rgb:af/d7/00", -+ "rgb:af/d7/5f", -+ "rgb:af/d7/87", -+ "rgb:af/d7/af", -+ "rgb:af/d7/d7", -+ "rgb:af/d7/ff", -+ "rgb:af/ff/00", -+ "rgb:af/ff/5f", -+ "rgb:af/ff/87", -+ "rgb:af/ff/af", -+ "rgb:af/ff/d7", -+ "rgb:af/ff/ff", -+ "rgb:d7/00/00", -+ "rgb:d7/00/5f", -+ "rgb:d7/00/87", -+ "rgb:d7/00/af", -+ "rgb:d7/00/d7", -+ "rgb:d7/00/ff", -+ "rgb:d7/5f/00", -+ "rgb:d7/5f/5f", -+ "rgb:d7/5f/87", -+ "rgb:d7/5f/af", -+ "rgb:d7/5f/d7", -+ "rgb:d7/5f/ff", -+ "rgb:d7/87/00", -+ "rgb:d7/87/5f", -+ "rgb:d7/87/87", -+ "rgb:d7/87/af", -+ "rgb:d7/87/d7", -+ "rgb:d7/87/ff", -+ "rgb:d7/af/00", -+ "rgb:d7/af/5f", -+ "rgb:d7/af/87", -+ "rgb:d7/af/af", -+ "rgb:d7/af/d7", -+ "rgb:d7/af/ff", -+ "rgb:d7/d7/00", -+ "rgb:d7/d7/5f", -+ "rgb:d7/d7/87", -+ "rgb:d7/d7/af", -+ "rgb:d7/d7/d7", -+ "rgb:d7/d7/ff", -+ "rgb:d7/ff/00", -+ "rgb:d7/ff/5f", -+ "rgb:d7/ff/87", -+ "rgb:d7/ff/af", -+ "rgb:d7/ff/d7", -+ "rgb:d7/ff/ff", -+ "rgb:ff/00/00", -+ "rgb:ff/00/5f", -+ "rgb:ff/00/87", -+ "rgb:ff/00/af", -+ "rgb:ff/00/d7", -+ "rgb:ff/00/ff", -+ "rgb:ff/5f/00", -+ "rgb:ff/5f/5f", -+ "rgb:ff/5f/87", -+ "rgb:ff/5f/af", -+ "rgb:ff/5f/d7", -+ "rgb:ff/5f/ff", -+ "rgb:ff/87/00", -+ "rgb:ff/87/5f", -+ "rgb:ff/87/87", -+ "rgb:ff/87/af", -+ "rgb:ff/87/d7", -+ "rgb:ff/87/ff", -+ "rgb:ff/af/00", -+ "rgb:ff/af/5f", -+ "rgb:ff/af/87", -+ "rgb:ff/af/af", -+ "rgb:ff/af/d7", -+ "rgb:ff/af/ff", -+ "rgb:ff/d7/00", -+ "rgb:ff/d7/5f", -+ "rgb:ff/d7/87", -+ "rgb:ff/d7/af", -+ "rgb:ff/d7/d7", -+ "rgb:ff/d7/ff", -+ "rgb:ff/ff/00", -+ "rgb:ff/ff/5f", -+ "rgb:ff/ff/87", -+ "rgb:ff/ff/af", -+ "rgb:ff/ff/d7", -+ "rgb:ff/ff/ff", -+ "rgb:08/08/08", -+ "rgb:12/12/12", -+ "rgb:1c/1c/1c", -+ "rgb:26/26/26", -+ "rgb:30/30/30", -+ "rgb:3a/3a/3a", -+ "rgb:44/44/44", -+ "rgb:4e/4e/4e", -+ "rgb:58/58/58", -+ "rgb:62/62/62", -+ "rgb:6c/6c/6c", -+ "rgb:76/76/76", -+ "rgb:80/80/80", -+ "rgb:8a/8a/8a", -+ "rgb:94/94/94", -+ "rgb:9e/9e/9e", -+ "rgb:a8/a8/a8", -+ "rgb:b2/b2/b2", -+ "rgb:bc/bc/bc", -+ "rgb:c6/c6/c6", -+ "rgb:d0/d0/d0", -+ "rgb:da/da/da", -+ "rgb:e4/e4/e4", -+ "rgb:ee/ee/ee", -+#else -+#error XTERM_COLORS needs to be set to 88 or 256 -+#endif - - #ifndef NO_CURSORCOLOR - COLOR_CURSOR_BACKGROUND, -@@ -688,11 +935,12 @@ rxvt_term::init_env () - rs[Rs_display_name] = val; /* use broken `:0' value */ - - i = strlen (val); -- env_display = (char *)rxvt_malloc (i + 9); -+ size_t env_display_size = i + 9; -+ env_display = (char *)rxvt_malloc (env_display_size); - -- sprintf (env_display, "DISPLAY=%s", val); -+ snprintf (env_display, env_display_size, "DISPLAY=%s", val); - -- sprintf (env_windowid, "WINDOWID=%lu", (unsigned long)parent[0]); -+ snprintf (env_windowid, sizeof (env_windowid), "WINDOWID=%lu", (unsigned long)parent[0]); - - /* add entries to the environment: - * @ DISPLAY: in case we started with -display -@@ -719,8 +967,9 @@ rxvt_term::init_env () - - if (rs[Rs_term_name] != NULL) - { -- env_term = (char *)rxvt_malloc (strlen (rs[Rs_term_name]) + 6); -- sprintf (env_term, "TERM=%s", rs[Rs_term_name]); -+ size_t size = strlen (rs[Rs_term_name]) + 6; -+ env_term = (char *)rxvt_malloc (size); -+ snprintf (env_term, size, "TERM=%s", rs[Rs_term_name]); - putenv (env_term); - } - else -@@ -1611,10 +1860,11 @@ rxvt_term::run_child (const char *const *argv) - - if (option (Opt_loginShell)) - { -- login = (char *)rxvt_malloc (strlen (argv0) + 2); -+ size_t login_size = strlen (argv0) + 2; -+ login = (char *)rxvt_malloc (login_size); - - login[0] = '-'; -- strcpy (&login[1], argv0); -+ strlcpy (&login[1], argv0, login_size - sizeof(char)); - argv0 = login; - } - Index: patches/patch-src_keyboard_C =================================================================== RCS file: patches/patch-src_keyboard_C diff -N patches/patch-src_keyboard_C --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_keyboard_C 14 Nov 2010 14:19:06 -0000 @@ -0,0 +1,13 @@ +$OpenBSD$ +--- src/keyboard.C.orig Wed Aug 25 04:07:15 2010 ++++ src/keyboard.C Sun Nov 14 14:23:05 2010 +@@ -230,7 +230,8 @@ keyboard_manager::dispatch (rxvt_term *term, KeySym ke + + memcpy (buf, prefix + 1, middle - prefix - 1); + buf [middle - prefix - 1] = middle [keysym_offset + 1]; +- strcpy (buf + (middle - prefix), suffix + 1); ++ strlcpy (buf + (middle - prefix), suffix + 1, ++ sizeof (buf) - sizeof (char) * (middle - prefix)); + + output_string (term, buf); + } Index: patches/patch-src_keyboard_c =================================================================== RCS file: patches/patch-src_keyboard_c diff -N patches/patch-src_keyboard_c --- patches/patch-src_keyboard_c 3 May 2010 16:35:22 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,19 +0,0 @@ -$OpenBSD: patch-src_keyboard_c,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ - -Fix possible off-by-one buffer overflows by replacing every call of -strcpy, strcat, sprintf by respectively strlcpy, strlcat and snprintf. - -- 2010-04-16 Thomas de Grivel <billi...@gmail.com> - -diff -ruN rxvt-unicode-9.07.orig/src/keyboard.C rxvt-unicode-9.07/src/keyboard.C ---- src/keyboard.C.orig Sat Dec 26 11:21:21 2009 -+++ src/keyboard.C Tue Apr 27 18:13:09 2010 -@@ -335,7 +335,8 @@ keyboard_manager::dispatch (rxvt_term *term, KeySym ke - - memcpy (buf, prefix + 1, middle - prefix - 1); - buf [middle - prefix - 1] = middle [keysym_offset + 1]; -- strcpy (buf + (middle - prefix), suffix + 1); -+ strlcpy (buf + (middle - prefix), suffix + 1, -+ sizeof (buf) - sizeof (char) * (middle - prefix)); - - output_string (term, buf); - } Index: patches/patch-src_logging_c =================================================================== RCS file: patches/patch-src_logging_c diff -N patches/patch-src_logging_c --- patches/patch-src_logging_c 3 May 2010 16:35:20 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,26 +0,0 @@ -$OpenBSD: patch-src_logging_c,v 1.1.1.1 2010/05/03 16:35:20 dcoppa Exp $ - -Fix possible off-by-one buffer overflows by replacing every call of -strcpy, strcat, sprintf by respectively strlcpy, strlcat and snprintf. - -- 2010-04-16 Thomas de Grivel <billi...@gmail.com> - -diff -ruN rxvt-unicode-9.07.orig/src/logging.C rxvt-unicode-9.07/src/logging.C ---- src/logging.C.orig Sun May 3 23:57:43 2009 -+++ src/logging.C Tue Apr 27 18:13:09 2010 -@@ -164,11 +164,11 @@ update_lastlog (const char *fname, const char *pty, co - return; - if (S_ISDIR (st.st_mode)) - { -- sprintf (lastlogfile, "%.*s/%.*s", -- (int)(sizeof (lastlogfile) - sizeof (pwent->pw_name) - 2), fname, -- (int)sizeof (pwent->pw_name), -- (!pwent->pw_name || pwent->pw_name[0] == '\0') ? "unknown" -- : pwent->pw_name); -+ snprintf (lastlogfile, sizeof (lastlogfile), "%.*s/%.*s", -+ (int)(sizeof (lastlogfile) - sizeof (pwent->pw_name) - 2), fname, -+ (int)sizeof (pwent->pw_name), -+ (!pwent->pw_name || pwent->pw_name[0] == '\0') ? "unknown" -+ : pwent->pw_name); - if ((fd = open (lastlogfile, O_WRONLY | O_CREAT, 0644)) >= 0) - { - write (fd, &ll, sizeof (ll)); Index: patches/patch-src_main_C =================================================================== RCS file: patches/patch-src_main_C diff -N patches/patch-src_main_C --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_main_C 14 Nov 2010 14:19:06 -0000 @@ -0,0 +1,129 @@ +$OpenBSD$ +--- src/main.C.orig Wed Nov 3 22:00:52 2010 ++++ src/main.C Sun Nov 14 15:04:04 2010 +@@ -80,7 +80,7 @@ rxvt_set_locale (const char *locale) NOTHROW + void + rxvt_push_locale (const char *locale) NOTHROW + { +- strcpy (savelocale, curlocale); ++ strlcpy (savelocale, curlocale, sizeof(savelocale)); + rxvt_set_locale (locale); + } + +@@ -390,14 +390,16 @@ print_x_error (Display *dpy, XErrorEvent *event) + rxvt_warn ("An X Error occurred, trying to continue after report.\n"); + rxvt_warn ("%s: %s\n", mesg, buffer); + XGetErrorDatabaseText(dpy, mtype, "MajorCode", "Request Major code %d", mesg, BUFSIZ); +- rxvt_warn (strncat (mesg, "\n", BUFSIZ), event->request_code); +- sprintf(number, "%d", event->request_code); ++ strlcat (mesg, "\n", sizeof (mesg)); ++ rxvt_warn (mesg, event->request_code); ++ snprintf (number, sizeof (number), "%d", event->request_code); + XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ); + rxvt_warn ("(which is %s)\n", buffer); + if (event->request_code >= 128) { + XGetErrorDatabaseText(dpy, mtype, "MinorCode", "Request Minor code %d", + mesg, BUFSIZ); +- rxvt_warn (strncat (mesg, "\n", BUFSIZ), event->minor_code); ++ strlcat (mesg, "\n", BUFSIZ); ++ rxvt_warn (mesg, event->minor_code); + } + if ((event->error_code == BadWindow) || + (event->error_code == BadPixmap) || +@@ -418,11 +420,13 @@ print_x_error (Display *dpy, XErrorEvent *event) + else + XGetErrorDatabaseText(dpy, mtype, "ResourceID", "ResourceID 0x%x", + mesg, BUFSIZ); +- rxvt_warn (strncat (mesg, "\n", BUFSIZ), event->resourceid); ++ strlcat (mesg, "\n", BUFSIZ); ++ rxvt_warn (mesg, event->resourceid); + } + XGetErrorDatabaseText(dpy, mtype, "ErrorSerial", "Error Serial #%d", + mesg, BUFSIZ); +- rxvt_warn (strncat (mesg, "\n", BUFSIZ), event->serial); ++ strlcat (mesg, "\n", BUFSIZ); ++ rxvt_warn (mesg, event->serial); + } + #endif + +@@ -950,26 +954,26 @@ rxvt_term::set_colorfgbg () + const char *xpmb = ""; + char fstr[sizeof ("default") + 1], bstr[sizeof ("default") + 1]; + +- strcpy (fstr, "default"); +- strcpy (bstr, "default"); ++ strlcpy (fstr, "default", sizeof (fstr)); ++ strlcpy (bstr, "default", sizeof (bstr)); + for (i = Color_Black; i <= Color_White; i++) + if (pix_colors[Color_fg] == pix_colors[i]) + { +- sprintf (fstr, "%d", (i - Color_Black)); ++ snprintf (fstr, sizeof (fstr), "%d", (i - Color_Black)); + break; + } + + for (i = Color_Black; i <= Color_White; i++) + if (pix_colors[Color_bg] == pix_colors[i]) + { +- sprintf (bstr, "%d", (i - Color_Black)); ++ snprintf (bstr, sizeof (bstr), "%d", (i - Color_Black)); + #ifdef BG_IMAGE_FROM_FILE + xpmb = "default;"; + #endif + break; + } + +- sprintf (env_colorfgbg, "COLORFGBG=%s;%s%s", fstr, xpmb, bstr); ++ snprintf (env_colorfgbg, sizeof (env_colorfgbg), "COLORFGBG=%s;%s%s", fstr, xpmb, bstr); + } + + /*----------------------------------------------------------------------*/ +@@ -1170,8 +1174,8 @@ rxvt_term::IMisRunning () + /* get current locale modifier */ + if (char *p = XSetLocaleModifiers (0)) + { +- strcpy (server, "@server="); +- strncat (server, p + 4, IMBUFSIZ - 9); /* skip "@im=" */ ++ strlcpy (server, "@server=", sizeof (server)); ++ strlcat (server, p + 4, sizeof (server)); /* skip "@im=" */ + + if (p = strchr (server + 1, '@')) /* first one only */ + *p = '\0'; +@@ -1400,16 +1404,16 @@ foundpet: + char *def_string; + char pat[512]; + +- sprintf (pat, +- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," +- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," +- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," +- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," +- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," +- "*", +- fheight, +- fheight + 1, fheight - 1, +- fheight - 2, fheight + 2); ++ snprintf (pat, sizeof (pat), ++ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," ++ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," ++ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," ++ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," ++ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," ++ "*", ++ fheight, ++ fheight + 1, fheight - 1, ++ fheight - 2, fheight + 2); + + fs = XCreateFontSet (dpy, rs[Rs_imFont] ? rs[Rs_imFont] : pat, + &missing_charset_list, &missing_charset_count, &def_string); +@@ -1548,8 +1552,8 @@ rxvt_term::im_cb () + { + if (*s[i]) + { +- strcpy (buf, "@im="); +- strncat (buf, s[i], IMBUFSIZ - 5); ++ strlcpy (buf, "@im=", sizeof (buf)); ++ strlcat (buf, s[i], sizeof (buf)); + if (IM_get_IC (buf)) + { + found = true; Index: patches/patch-src_main_c =================================================================== RCS file: patches/patch-src_main_c diff -N patches/patch-src_main_c --- patches/patch-src_main_c 3 May 2010 16:35:22 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,135 +0,0 @@ -$OpenBSD: patch-src_main_c,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ - -Fix possible off-by-one buffer overflows by replacing every call of -strcpy, strcat, sprintf by respectively strlcpy, strlcat and snprintf. - -- 2010-04-16 Thomas de Grivel <billi...@gmail.com> - -diff -ruN rxvt-unicode-9.07.orig/src/main.C rxvt-unicode-9.07/src/main.C ---- src/main.C.orig Sat May 30 10:48:11 2009 -+++ src/main.C Tue Apr 27 18:13:09 2010 -@@ -77,7 +77,7 @@ rxvt_set_locale (const char *locale) NOTHROW - void - rxvt_push_locale (const char *locale) NOTHROW - { -- strcpy (savelocale, curlocale); -+ strlcpy (savelocale, curlocale, sizeof(savelocale)); - rxvt_set_locale (locale); - } - -@@ -385,14 +385,16 @@ print_x_error (Display *dpy, XErrorEvent *event) - rxvt_warn ("An X Error occured, trying to continue after report.\n"); - rxvt_warn ("%s: %s\n", mesg, buffer); - XGetErrorDatabaseText(dpy, mtype, "MajorCode", "Request Major code %d", mesg, BUFSIZ); -- rxvt_warn (strncat (mesg, "\n", BUFSIZ), event->request_code); -- sprintf(number, "%d", event->request_code); -+ strlcat (mesg, "\n", sizeof (mesg)); -+ rxvt_warn (mesg, event->request_code); -+ snprintf (number, sizeof (number), "%d", event->request_code); - XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ); - rxvt_warn ("(which is %s)\n", buffer); - if (event->request_code >= 128) { - XGetErrorDatabaseText(dpy, mtype, "MinorCode", "Request Minor code %d", - mesg, BUFSIZ); -- rxvt_warn (strncat (mesg, "\n", BUFSIZ), event->minor_code); -+ strlcat (mesg, "\n", BUFSIZ); -+ rxvt_warn (mesg, event->minor_code); - } - if ((event->error_code == BadWindow) || - (event->error_code == BadPixmap) || -@@ -413,11 +415,13 @@ print_x_error (Display *dpy, XErrorEvent *event) - else - XGetErrorDatabaseText(dpy, mtype, "ResourceID", "ResourceID 0x%x", - mesg, BUFSIZ); -- rxvt_warn (strncat (mesg, "\n", BUFSIZ), event->resourceid); -+ strlcat (mesg, "\n", BUFSIZ); -+ rxvt_warn (mesg, event->resourceid); - } - XGetErrorDatabaseText(dpy, mtype, "ErrorSerial", "Error Serial #%d", - mesg, BUFSIZ); -- rxvt_warn (strncat (mesg, "\n", BUFSIZ), event->serial); -+ strlcat (mesg, "\n", BUFSIZ); -+ rxvt_warn (mesg, event->serial); - } - #endif - -@@ -862,26 +866,26 @@ rxvt_term::set_colorfgbg () - const char *xpmb = ""; - char fstr[sizeof ("default") + 1], bstr[sizeof ("default") + 1]; - -- strcpy (fstr, "default"); -- strcpy (bstr, "default"); -+ strlcpy (fstr, "default", sizeof (fstr)); -+ strlcpy (bstr, "default", sizeof (bstr)); - for (i = Color_Black; i <= Color_White; i++) - if (pix_colors[Color_fg] == pix_colors[i]) - { -- sprintf (fstr, "%d", (i - Color_Black)); -+ snprintf (fstr, sizeof (fstr), "%d", (i - Color_Black)); - break; - } - - for (i = Color_Black; i <= Color_White; i++) - if (pix_colors[Color_bg] == pix_colors[i]) - { -- sprintf (bstr, "%d", (i - Color_Black)); -+ snprintf (bstr, sizeof (bstr), "%d", (i - Color_Black)); - #ifdef BG_IMAGE_FROM_FILE - xpmb = "default;"; - #endif - break; - } - -- sprintf (env_colorfgbg, "COLORFGBG=%s;%s%s", fstr, xpmb, bstr); -+ snprintf (env_colorfgbg, sizeof (env_colorfgbg), "COLORFGBG=%s;%s%s", fstr, xpmb, bstr); - } - - /*----------------------------------------------------------------------*/ -@@ -1085,8 +1089,8 @@ rxvt_term::IMisRunning () - /* get current locale modifier */ - if (char *p = XSetLocaleModifiers (0)) - { -- strcpy (server, "@server="); -- strncat (server, p + 4, IMBUFSIZ - 9); /* skip "@im=" */ -+ strlcpy (server, "@server=", sizeof (server)); -+ strlcat (server, p + 4, sizeof (server)); /* skip "@im=" */ - - if (p = strchr (server + 1, '@')) /* first one only */ - *p = '\0'; -@@ -1315,16 +1319,16 @@ foundpet: - char *def_string; - char pat[512]; - -- sprintf (pat, -- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -- "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -- "*", -- fheight, -- fheight + 1, fheight - 1, -- fheight - 2, fheight + 2); -+ snprintf (pat, sizeof (pat), -+ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -+ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -+ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -+ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -+ "-*-*-*-R-*-*-%d-*-*-*-*-*-*," -+ "*", -+ fheight, -+ fheight + 1, fheight - 1, -+ fheight - 2, fheight + 2); - - fs = XCreateFontSet (dpy, rs[Rs_imFont] ? rs[Rs_imFont] : pat, - &missing_charset_list, &missing_charset_count, &def_string); -@@ -1463,8 +1467,8 @@ rxvt_term::im_cb () - { - if (*s[i]) - { -- strcpy (buf, "@im="); -- strncat (buf, s[i], IMBUFSIZ - 5); -+ strlcpy (buf, "@im=", sizeof (buf)); -+ strlcat (buf, s[i], sizeof (buf)); - if (IM_get_IC (buf)) - { - found = true; Index: patches/patch-src_rxvt_h =================================================================== RCS file: patches/patch-src_rxvt_h diff -N patches/patch-src_rxvt_h --- patches/patch-src_rxvt_h 3 May 2010 16:35:22 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,88 +0,0 @@ -$OpenBSD: patch-src_rxvt_h,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ ---- src/rxvt.h.orig Sat May 30 10:48:11 2009 -+++ src/rxvt.h Thu Apr 22 13:38:22 2010 -@@ -312,24 +312,46 @@ enum { - - #define RS_None 0 - -+#if !defined(XTERM_COLORS) || XTERM_COLORS == 88 - #define RS_fgMask 0x0000007fUL // 128 colors - #define RS_bgMask 0x00003f80UL // 128 colors -+#elif XTERM_COLORS == 256 -+#define RS_fgMask 0x000001ffUL // 512 colors -+#define RS_bgMask 0x0003fe00UL // 512 colors -+#endif - - // font styles -+#if !defined(XTERM_COLORS) || XTERM_COLORS == 88 - #define RS_Bold 0x00004000UL // value 1 - #define RS_Italic 0x00008000UL // value 2 -+#elif XTERM_COLORS == 256 -+#define RS_Bold 0x00040000UL // value 1 -+#define RS_Italic 0x00080000UL // value 2 -+#endif - - // fake styles -+#if !defined(XTERM_COLORS) || XTERM_COLORS == 88 - #define RS_Blink 0x00010000UL // blink - #define RS_RVid 0x00020000UL // reverse video - #define RS_Uline 0x00040000UL // underline -+#elif XTERM_COLORS == 256 -+#define RS_Blink 0x00100000UL // blink (disabled) -+#define RS_RVid 0x00200000UL // reverse video (disabled) -+#define RS_Uline 0x00400000UL // underline -+#endif - -+ - // toggle this to force redraw, must be != RS_Careful - #define RS_redraw 0x01000000UL - -+#if !defined(XTERM_COLORS) || XTERM_COLORS == 88 - // 5 custom bits for extensions - #define RS_customCount 32 - #define RS_customMask 0x00f80000UL -+#elif XTERM_COLORS == 256 -+#define RS_customCount 0 -+#define RS_customMask 0x00000000UL -+#endif - #define RS_customShift 19 - - // other flags -@@ -337,7 +359,11 @@ enum { - - #define RS_styleCount 4 - #define RS_styleMask (RS_Bold | RS_Italic) -+#if !defined(XTERM_COLORS) || XTERM_COLORS == 88 - #define RS_styleShift 14 -+#elif XTERM_COLORS == 256 -+#define RS_styleShift 18 -+#endif - - #define RS_baseattrMask (RS_Italic | RS_Bold | RS_Blink | RS_RVid | RS_Uline) - #define RS_attrMask (RS_baseattrMask | RS_fontMask) -@@ -463,7 +489,13 @@ enum colour_list { - Color_White = maxCOLOR, - #endif - minTermCOLOR = Color_White + 1, -+#if !defined(XTERM_COLORS) || XTERM_COLORS == 88 - maxTermCOLOR = Color_White + 72, -+#elif (XTERM_COLORS == 256) -+ maxTermCOLOR = Color_White + 240, -+#else -+#error XTERM_COLORS needs to be set to 88 or 256 -+#endif - #ifndef NO_CURSORCOLOR - Color_cursor, - Color_cursor2, -@@ -503,7 +535,11 @@ enum colour_list { - #endif - }; - -+#if !defined(XTERM_COLORS) || XTERM_COLORS == 88 - #define Color_Bits 7 // 0 .. maxTermCOLOR -+#elif XTERM_COLORS == 256 -+#define Color_Bits 9 // 0 .. maxTermCOLOR -+#endif - - /* - * Resource list Index: patches/patch-src_rxvtc_C =================================================================== RCS file: patches/patch-src_rxvtc_C diff -N patches/patch-src_rxvtc_C --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_rxvtc_C 14 Nov 2010 14:19:06 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- src/rxvtc.C.orig Sun Jun 15 15:39:43 2008 ++++ src/rxvtc.C Sun Nov 14 14:23:05 2010 +@@ -62,7 +62,7 @@ client::client () + } + + sa.sun_family = AF_UNIX; +- strcpy (sa.sun_path, sockname); ++ strlcpy (sa.sun_path, sockname, sizeof(sa.sun_path)); + free (sockname); + + if (connect (fd, (sockaddr *)&sa, sizeof (sa))) Index: patches/patch-src_rxvtc_c =================================================================== RCS file: patches/patch-src_rxvtc_c diff -N patches/patch-src_rxvtc_c --- patches/patch-src_rxvtc_c 3 May 2010 16:35:22 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,18 +0,0 @@ -$OpenBSD: patch-src_rxvtc_c,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ - -Fix possible off-by-one buffer overflows by replacing every call of -strcpy, strcat, sprintf by respectively strlcpy, strlcat and snprintf. - -- 2010-04-16 Thomas de Grivel <billi...@gmail.com> - -diff -ruN rxvt-unicode-9.07.orig/src/rxvtc.C rxvt-unicode-9.07/src/rxvtc.C ---- src/rxvtc.C.orig Sun Jun 15 15:39:43 2008 -+++ src/rxvtc.C Tue Apr 27 18:13:09 2010 -@@ -62,7 +62,7 @@ client::client () - } - - sa.sun_family = AF_UNIX; -- strcpy (sa.sun_path, sockname); -+ strlcpy (sa.sun_path, sockname, sizeof(sa.sun_path)); - free (sockname); - - if (connect (fd, (sockaddr *)&sa, sizeof (sa))) Index: patches/patch-src_rxvtd_C =================================================================== RCS file: patches/patch-src_rxvtd_C diff -N patches/patch-src_rxvtd_C --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_rxvtd_C 14 Nov 2010 14:19:06 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- src/rxvtd.C.orig Sun Oct 24 19:51:51 2010 ++++ src/rxvtd.C Sun Nov 14 14:23:05 2010 +@@ -100,7 +100,7 @@ unix_listener::unix_listener (const char *sockname) + fcntl (fd, F_SETFL, O_NONBLOCK); + + sa.sun_family = AF_UNIX; +- strcpy (sa.sun_path, sockname); ++ strlcpy (sa.sun_path, sockname, sizeof(sa.sun_path)); + + unlink (rxvt_connection::unix_sockname ()); + Index: patches/patch-src_rxvtd_c =================================================================== RCS file: patches/patch-src_rxvtd_c diff -N patches/patch-src_rxvtd_c --- patches/patch-src_rxvtd_c 3 May 2010 16:35:22 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,18 +0,0 @@ -$OpenBSD: patch-src_rxvtd_c,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ - -Fix possible off-by-one buffer overflows by replacing every call of -strcpy, strcat, sprintf by respectively strlcpy, strlcat and snprintf. - -- 2010-04-16 Thomas de Grivel <billi...@gmail.com> - -diff -ruN rxvt-unicode-9.07.orig/src/rxvtd.C rxvt-unicode-9.07/src/rxvtd.C ---- src/rxvtd.C.orig Sat May 9 01:52:42 2009 -+++ src/rxvtd.C Tue Apr 27 18:13:09 2010 -@@ -100,7 +100,7 @@ unix_listener::unix_listener (const char *sockname) - fcntl (fd, F_SETFL, O_NONBLOCK); - - sa.sun_family = AF_UNIX; -- strcpy (sa.sun_path, sockname); -+ strlcpy (sa.sun_path, sockname, sizeof(sa.sun_path)); - - unlink (rxvt_connection::unix_sockname ()); - Index: patches/patch-src_rxvtfont_C =================================================================== RCS file: patches/patch-src_rxvtfont_C diff -N patches/patch-src_rxvtfont_C --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_rxvtfont_C 14 Nov 2010 14:19:06 -0000 @@ -0,0 +1,31 @@ +$OpenBSD$ +--- src/rxvtfont.C.orig Sun Oct 24 19:52:47 2010 ++++ src/rxvtfont.C Sun Nov 14 14:23:05 2010 +@@ -682,10 +682,13 @@ replace_field (char **ptr, const char *name, int index + if (slashes >= 13 && (!old || *field == old)) + { + size_t len = field - name; +- *ptr = (char *)malloc (len + strlen (replace) + strlen (end) + 1); ++ size_t len_replace = strlen (replace); ++ size_t len_end = strlen (end); ++ *ptr = (char *)malloc (len + len_replace + len_end + 1); + memcpy (*ptr, name, len); +- strcpy (*ptr + len, replace); +- strcat (*ptr, end); ++ memcpy (*ptr + len, replace, len_replace); ++ memcpy (*ptr + len + len_replace, end, len_end); ++ (*ptr)[len + len_replace + len_end] = 0; + + return true; + } +@@ -746,8 +749,8 @@ rxvt_font_x11::load (const rxvt_fontprop &prop, bool f + } + } + +- sprintf (field_str, "%d", prop.height == rxvt_fontprop::unset +- ? 0 : prop.height); ++ snprintf (field_str, sizeof (field_str), "%d", ++ prop.height == rxvt_fontprop::unset ? 0 : prop.height); + + struct font_weight { + char *name; Index: patches/patch-src_rxvtfont_c =================================================================== RCS file: patches/patch-src_rxvtfont_c diff -N patches/patch-src_rxvtfont_c --- patches/patch-src_rxvtfont_c 3 May 2010 16:35:20 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,37 +0,0 @@ -$OpenBSD: patch-src_rxvtfont_c,v 1.1.1.1 2010/05/03 16:35:20 dcoppa Exp $ - -Fix possible off-by-one buffer overflows by replacing every call of -strcpy, strcat, sprintf by respectively strlcpy, strlcat and snprintf. - -- 2010-04-16 Thomas de Grivel <billi...@gmail.com> - -diff -ruN rxvt-unicode-9.07.orig/src/rxvtfont.C rxvt-unicode-9.07/src/rxvtfont.C ---- src/rxvtfont.C.orig Sat Apr 4 23:27:28 2009 -+++ src/rxvtfont.C Tue Apr 27 18:13:09 2010 -@@ -632,10 +632,13 @@ replace_field (char **ptr, const char *name, int index - if (slashes >= 13 && (!old || *field == old)) - { - size_t len = field - name; -- *ptr = (char *)malloc (len + strlen (replace) + strlen (end) + 1); -+ size_t len_replace = strlen (replace); -+ size_t len_end = strlen (end); -+ *ptr = (char *)malloc (len + len_replace + len_end + 1); - memcpy (*ptr, name, len); -- strcpy (*ptr + len, replace); -- strcat (*ptr, end); -+ memcpy (*ptr + len, replace, len_replace); -+ memcpy (*ptr + len + len_replace, end, len_end); -+ (*ptr)[len + len_replace + len_end] = 0; - - return true; - } -@@ -696,8 +699,8 @@ rxvt_font_x11::load (const rxvt_fontprop &prop, bool f - } - } - -- sprintf (field_str, "%d", prop.height == rxvt_fontprop::unset -- ? 0 : prop.height); -+ snprintf (field_str, sizeof (field_str), "%d", -+ prop.height == rxvt_fontprop::unset ? 0 : prop.height); - - struct font_weight { - char *name; Index: patches/patch-src_xdefaults_C =================================================================== RCS file: patches/patch-src_xdefaults_C diff -N patches/patch-src_xdefaults_C --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_xdefaults_C 14 Nov 2010 14:19:06 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ +--- src/xdefaults.C.orig Fri Oct 15 00:13:23 2010 ++++ src/xdefaults.C Sun Nov 14 15:09:59 2010 +@@ -560,8 +560,9 @@ rxvt_term::get_options (int argc, const char *const *a + { + if (i+1 < argc) + { +- char *res = rxvt_temp_buf<char> (strlen (opt) + strlen (argv[++i]) + 6); +- sprintf (res, "*.%s: %s\n", opt, argv[i]); ++ size_t size = strlen (opt) + strlen (argv[++i]) + 6; ++ char *res = rxvt_temp_buf<char> (size); ++ snprintf (res, size, "*.%s: %s\n", opt, argv[i]); + XrmPutLineResource (&option_db, res); + } + } Index: patches/patch-src_xdefaults_c =================================================================== RCS file: patches/patch-src_xdefaults_c diff -N patches/patch-src_xdefaults_c --- patches/patch-src_xdefaults_c 3 May 2010 16:35:22 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,21 +0,0 @@ -$OpenBSD: patch-src_xdefaults_c,v 1.1.1.1 2010/05/03 16:35:22 dcoppa Exp $ - -Fix possible off-by-one buffer overflows by replacing every call of -strcpy, strcat, sprintf by respectively strlcpy, strlcat and snprintf. - -- 2010-04-16 Thomas de Grivel <billi...@gmail.com> - -diff -ruN rxvt-unicode-9.07.orig/src/xdefaults.C rxvt-unicode-9.07/src/xdefaults.C ---- src/xdefaults.C.orig Sat Dec 26 11:10:34 2009 -+++ src/xdefaults.C Tue Apr 27 18:13:09 2010 -@@ -555,8 +555,9 @@ rxvt_term::get_options (int argc, const char *const *a - { - if (i+1 < argc) - { -- char *res = (char *)malloc (strlen (opt) + strlen (argv[++i]) + 6); -- sprintf (res, "*.%s: %s\n", opt, argv[i]); -+ size_t size = strlen (opt) + strlen (argv[++i]) + 6; -+ char *res = (char *)malloc (size); -+ snprintf (res, size, "*.%s: %s\n", opt, argv[i]); - XrmPutLineResource (&option_db, res); - free (res); - } Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/x11/rxvt-unicode/pkg/PLIST,v retrieving revision 1.1.1.1 diff -p -u -r1.1.1.1 PLIST --- pkg/PLIST 3 May 2010 16:35:23 -0000 1.1.1.1 +++ pkg/PLIST 14 Nov 2010 14:19:06 -0000 @@ -5,10 +5,13 @@ lib/urxvt/ lib/urxvt/perl/ lib/urxvt/perl/block-graphics-to-ascii +lib/urxvt/perl/clipboard-osc +lib/urxvt/perl/confirm-paste lib/urxvt/perl/digital-clock lib/urxvt/perl/example-refresh-hooks lib/urxvt/perl/kuake lib/urxvt/perl/macosx-clipboard +lib/urxvt/perl/macosx-clipboard-native lib/urxvt/perl/matcher lib/urxvt/perl/option-popup lib/urxvt/perl/overlay-osc